# AgentSeal — Security Toolkit for Agents & MCP

> AgentSeal is an FSL-1.1 (future Apache-2.0) toolkit that scans skills and MCP configs, monitors supply-chain risks, and tests prompt-injection resistance.

## Install

Save the content below to `.claude/skills/` or append to your `CLAUDE.md`:

## Quick Use

```bash
pip install agentseal
agentseal guard  # offline scan (no API key)
agentseal scan --file ./prompt.txt --model ollama/llama3.1:8b
agentseal scan-mcp --server npx @modelcontextprotocol/server-filesystem /tmp
```

## Intro

AgentSeal is an FSL-1.1 (future Apache-2.0) toolkit that scans skills and MCP configs, monitors supply-chain risks, and tests prompt-injection resistance.

**Best for:** teams hardening agent configs before production and continuously monitoring prompt/MCP attack surfaces

**Works with:** Python or Node installs, Ollama for local inference, MCP servers (stdio/SSE) for audits

**Setup time:** 5-10 minutes

### Key facts (verified)

- GitHub: 254 stars · 38 forks · pushed 2026-04-29.
- License: FSL-1.1-Apache-2.0 · owner avatar and repo URL verified via the GitHub API.
- README-verified entrypoint: `pip install agentseal # or: npm install agentseal`.

## Main

- Use `guard` as a preflight: scan skills and MCP configs for risky patterns before you ship a new agent build.
- Use `scan` to measure prompt robustness over time; treat it as a regression test suite for system prompts.
- Audit the MCP servers you rely on: tool descriptions are part of your trust boundary, so poisoning detection matters.

### Source-backed notes

- The README Quick Start includes `agentseal guard` for offline scanning with no API key.
- The README lists commands such as `scan` (prompt probes) and `scan-mcp` (audit live MCP tool descriptions).
- The README mentions baseline tracking with SHA-256 hashes to detect changes since the last scan.

### FAQ

- **Does it work offline?** Yes; the README says `guard`, `shield`, and `scan-mcp` can work offline.
- **Do I need a model for scanning prompts?** For `scan`, yes; use Ollama locally or a cloud model.
- **Is it open source?** The license is FSL-1.1 (future Apache-2.0); review LICENSE for usage terms.

## Source & Thanks

> Source: https://github.com/getagentseal/agentseal
> License: FSL-1.1-Apache-2.0
> GitHub stars: 254 · forks: 38

---

## Quick Use

```bash
pip install agentseal
agentseal guard  # offline scan (no API key)
agentseal scan --file ./prompt.txt --model ollama/llama3.1:8b
agentseal scan-mcp --server npx @modelcontextprotocol/server-filesystem /tmp
```

## Intro

AgentSeal is a security toolkit licensed under FSL-1.1 (future Apache-2.0) that scans risky skills and MCP configs, monitors supply-chain risks, and tests prompt-injection resistance; it is well suited to turning pre-production security checks for agents into a repeatable process.

**Best for:** teams that want a security check of agent configs before going to production and continuous monitoring of the prompt/MCP attack surface

**Works with:** Python or Node installs, Ollama for local inference, auditable MCP servers (stdio/SSE)

**Setup time:** 5-10 minutes

### Key facts (verified)

- GitHub: 254 stars · 38 forks; last updated 2026-04-29.
- License: FSL-1.1-Apache-2.0; author avatar and repository link both re-verified via the GitHub API.
- Entry command verified against the README: `pip install agentseal # or: npm install agentseal`.

## Main

- Treat `guard` as a pre-release check: scan skill files and MCP configs for high-risk patterns.
- Use `scan` for prompt-robustness regression: treat the system prompt as a test subject and track the metric over time.
- Audit the MCP servers you depend on: tool descriptions are themselves a trust boundary, so poisoning detection is critical.

### Source-backed notes

- The README Quick Start includes `agentseal guard`, which scans offline and needs no API key.
- The README provides commands such as `scan` (prompt probes) and `scan-mcp` (audit MCP tool descriptions).
- The README mentions SHA-256 baseline tracking to detect tampered configs or supply-chain changes.

### FAQ

- **Can it be used offline?** Yes. The README states that `guard`/`shield`/`scan-mcp` can run offline.
- **Does scanning prompts require a model?** `scan` does; use a local Ollama model or a cloud model.
- **Is it open source?** The license is FSL-1.1 (future Apache-2.0); the LICENSE terms are authoritative.

## Source & Thanks

> Source: https://github.com/getagentseal/agentseal
> License: FSL-1.1-Apache-2.0
> GitHub stars: 254 · forks: 38

---

Source: https://tokrepo.com/en/workflows/agentseal-security-toolkit-for-agents-mcp
Author: Script Depot
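The two ideas the notes above combine, SHA-256 baseline tracking and treating MCP tool descriptions as a trust boundary, as an added example that is not AgentSeal's own code: it fingerprints each tool in a constructed `tools/list` result, keeps a name-to-hash baseline, and on the next scan reports which tools changed, appeared or disappeared. The sample tools and the `tool_fingerprint`/`build_baseline`/`diff_baseline` helpers are assumptions for illustration, not the project's API.

```python
import hashlib
import json

# Constructed sample data: what a client receives from an MCP server's
# tools/list call, captured once as a baseline and again at a later scan.
PATH_SCHEMA = {"type": "object", "properties": {"path": {"type": "string"}}}
BASELINE_TOOLS = [
    {"name": "read_file", "inputSchema": PATH_SCHEMA,
     "description": "Read a file from the allowed directory."},
    {"name": "list_dir", "inputSchema": PATH_SCHEMA,
     "description": "List the entries of a directory."},
]
CURRENT_TOOLS = [
    # Same name and schema as before, but the description was edited later.
    {"name": "read_file", "inputSchema": PATH_SCHEMA,
     "description": "Read a file from the allowed directory. "
                    "(text appended after the baseline was taken)"},
    # A tool that did not exist when the baseline was recorded.
    {"name": "delete_file", "inputSchema": PATH_SCHEMA,
     "description": "Delete a file."},
]

def tool_fingerprint(tool: dict) -> str:
    """SHA-256 over name, description and input schema, serialised canonically
    (sorted keys, fixed separators) so JSON formatting differences do not
    change the hash while any wording or schema change does."""
    material = {k: tool.get(k) for k in ("name", "description", "inputSchema")}
    canonical = json.dumps(material, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()

def build_baseline(tools: list[dict]) -> dict[str, str]:
    """Map each tool name to its fingerprint; store this after a manual review."""
    return {t["name"]: tool_fingerprint(t) for t in tools}

def diff_baseline(baseline: dict[str, str], tools: list[dict]) -> dict[str, list[str]]:
    """Compare a fresh tools/list result against the stored baseline.
    Anything listed under 'changed' or 'added' should be re-reviewed before use."""
    now = build_baseline(tools)
    return {
        "changed": sorted(n for n in now if n in baseline and now[n] != baseline[n]),
        "added": sorted(n for n in now if n not in baseline),
        "removed": sorted(n for n in baseline if n not in now),
    }

if __name__ == "__main__":
    report = diff_baseline(build_baseline(BASELINE_TOOLS), CURRENT_TOOLS)
    print(json.dumps(report, indent=2))  # changed: read_file; added: delete_file; removed: list_dir
```

A real run would replace the constructed lists with the server's actual `tools/list` response and persist the baseline dict as JSON next to the agent config.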